Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PGP signature on Maven Central seems to be incompatible with current Gradle/bouncycastle versions #518

Open
cseewald opened this issue Jul 24, 2024 · 0 comments
Open

PGP signature on Maven Central seems to be incompatible with current Gradle/bouncycastle versions #518

cseewald opened this issue Jul 24, 2024 · 0 comments

Comments

@cseewald
Copy link
Contributor

Expected Behavior

I would like to be able to verify db-scheduler.jar with Gradle Dependency Verification with the PGP signature on Maven Central.

Current Behavior

If I enable dependency verification (https://docs.gradle.org/8.5/userguide/dependency_verification.html) I get an exception in the gradle build which hints at a broken/incompatible PGP signature.

class org.bouncycastle.openpgp.PGPCompressedData cannot be cast to class org.bouncycastle.openpgp.PGPSignatureList (org.bouncycastle.openpgp.PGPCompressedData and org.bouncycastle.openpgp.PGPSignatureList are in unnamed module of loader org.gradle.initialization.MixInLegacyTypesClassLoader @15a04efb)

The error is only reported if db-scheduler is added as a dependency and only if it is version >= 12.0.1.

See https://github.com/cseewald/db-scheduler-client

Context

  • DB-Scheduler Version : 14.0.3
  • Java Version : 17
  • Spring Boot (check for Yes) : [ ]
  • Database and Version : none
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@cseewald